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(54) Title: MANAGEMENT OF COMPUTER WORKSTATIONS 
(57) Abstract 



A method of managing a plu- 
rality of computer workstations inter- 
connected by a network, the work- 
stations including at least one policy 
group. The method includes the steps 
of receiving data relating to the pol- 
icy group definition and generating a 
program representative of iht policy 
group definition data. The generated 
program is sent to each of the plu- 
rality of workstations and the work- 
stations instructed to check, by em- 
ploying the program, whether or not 
each respective workstation belongs 
or does not belong to the at least 
one policy groups. The results of the 
checking step from each work station 
are relumed lo at least one managing 
station. 
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The subject of this application is concerned with 
modern networks of computers. With the advent of reliable 
Local Area Networks (LANs) and good quality Wide Area 
Networks (WANs) it has been possible to interconnect low 
cost powerful personal computers and file / print server 
equipment. Such networks of computers have grown very 
quickly in recent years so that it is not uncommon to find 
networks ranging from thousands to tens of thousands of 
computer (nodes) all within the same commercial 
organisation- Companies usually develop such networks to 
cover a number of main sites which will be served by LANs 
and interconnected via WAN links. 

This structure is in marked contrast to the structure 
>of data networks of 10 years ago where computer terminals 
were connected directly (or via concentrators) to one or a 
very few large mainframe computers. 

Not only does this change represent a major difference 
in technology, but it also gives rise . to differences in 
operating principles, in the old mainframe case, all 
services were provided and controlled centrally from the 
company's IT and Operations departments; whereas now there 
is a strong tendency to decentralise and for individual 
departments become responsible for their own workstation 
PCs. In any event, no central control is implied or 
(usually) imposed on LANs and their connected systems. 

Management systems for controlling the network 
infrastructure of LAN/WAN networks are frequently to be 
found but to date, few (if any) of these address the 
problem of managing workstations and their servers (fig l) . 
A major problem comes about from the fact that each PC is 
independent of the others and thus may be configured 
differently and without reference to them. Each may contain 
different software suites as well as different hardware. 
However, since they are all using a common data 
infrastructure (the LAN/WAN) these differences can give 
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agent residing in) each workstation will check periodically 
whether or not it fulfils any group membership and if so it 
will transmit a trap or event message to the network 
management station. This in turn on receiving these traps 
5 will update its database to reflect this- Thus, since the 
membership of each group is checked independently by each 
workstation, the effect is one of producing an inventory in 
real time of network status. Policies can therefore be 
managed with an assurance of accurate and timely 

10 information. 

The novelty of the above approach is in respect of the 
f acr that the decisions for group membership are taken by 
each workstation itself and independently of any others. In 
order to do this, it is necessary that the stations are 

15 capable of receiving and processing the definition 
information, be it in the form of a definition file or in 
the form of an executable script or program which is 
generated at the management station. This in turn implies 
the presence of some form of management agent in the 

20 workstations, and a communications sub-system which can 
send to and receive transmissions from ■ the management 
system, which itself will update its database to record any 
changes - 

One example of the present invention will now be 
25 described with reference to the accompanying drawings, in 
which: 

Figure 1 shows a computer network; 

Figure 2 shows a network management system employing 
the invention; and 
30 Figure 3 is a flow diagram of an operation according 

to the invention. 

Figure 1 shows a standard node computer network 10 
which has plural interconnected user workstations 11. The 
workstations are managed from a main network management 
35 station 12. 

The problem cited above of managing the workstations 
11, can be seen in this context as one of updating (reading 



30CX;iD- <WO 9809*02^ ?_L> 



wo 98/09402 PCT/EP97/04614 



5 

to manage this information on larger scale management 
systems because of the esctent of the information, the 
numbers of nodes involved and the inter-relationships which 
may exist between co-operating network devices 11. 
5 Manageable devices 11 are those end stations which can 

be interrogated and updated from the management system 12. 
This interrogation and updating is performed by sending 
messages (from the communications sub-system 4) to control 
programs (known as agents) which reside and are always 
10 active locally in the end stations 11. These agents are 
very common in network devices (such as bridges and 
routers) but are only just becoming available for user 
workstations. 

The steps reguired for the implementation of the 

15 invention are shown in fig 3. The actions are initiated by 
a network administrator who will decide on the group 
membership conditions and configure his management station 
12 accordingly (step 1) . This is then compiled into scripts 
or programs (step 2) which are sent to all workstation 

20 agents on the network 10 (step 3) . Note that normally 
there will be many group definitions active at any one 
time. At each workstation 11, on receiving a new group 
definition, the local agent will add it to his list of 
active group conditions and periodically will check the 

25 workstation 11 to see if any changes have taken place which 
affect the membership conditions (step 4) . The rate at 
which this checking (polling) takes place is given by the 
script, since some conditions are more dynamic than others. 
A typical check on available disk space, for example, might 

30 be once every 15 seconds, whereas that for installed 
software . need only be once every 10 minutes. Note that the 
agent will perform these checks independently of the 
workstation 11 being connected to the network 10, and will 
signal them as and when it is reconnected. This is 

35 particularly useful for portable PCs. 

Whenever a change is detected which affects the 
membership of one or more defined groups, the agent causes 
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1. A method of managing a plurality of computer 
workstations interconnected by a network, the workstations 
including at least one policy group, the method including 
the steps of: 

receiving data relating to the policy group 

definitions- 
generating a program representative of the policy 

group definition data; 

sending the generated program to each of the plurality 
of workstations; 

instructing the workstations to check, by employing 
the program, whether or not each respective workstation 
belongs or does not belong to the at least one policy 
groups ; and 

returning the results of the checking step from each 
work station to at least one managing station. 

2- A method according to claim 1, wherein the policy 
group definition data is received at a remote location. 

3. A method according to claim 1 or claim 2, wherein the 
generated program is generated at a remote location. 

4. A method according to any of claims 1 to 3 , wherein 
the checking step is performed regardless of whether the 
workstation is connected to a network or not. 

5. A method according to any of the preceding claims, 
wherein the generated program is altered in response to the 
returned results. 



INTERNATIONAL SEARCH REPORT 



Intel. onaJ Applicdtion No 

PCT/EP 97/04614 



A. CLASSIFICATION OF SUBJECT MATTER 

IPC 6 H04L12/24 



According lo Intomadonal Patent Ctassrfication(IPC) or lo both national dassificatton and IPC 



B. FIELDS SEARCHED 



Minimum documemaiton searched (ctassittcation system followed byclassitication symbols) 

IPC 6 H04L 



Documentation searcned oiner than mmimum documentation lo the extent that such documents are included in the (leiQS searched 



Electronic data base consunad during tne tnternatior^al searcn (name ot data oase and. where practical, search terms used) 



C. DOCUMENTS CONSIDERED TO BE RELEVANT 



Category " Citation of document, with indication, where appropnaie, ot the relevant passages 



Relevant to claim No. 



VASSILA A ET AL: "INTRODUCING ACTIVE 
MANAGED OBJECTS FOR EFFECTIVE. AND . 
AUTONOMOUS DISTRIBUTED MANAGEMENT" 
BRINGING TELECOMMUNICATION SERVICES TO THE 
PEOPLE - ISS & N 1995, THIRD INTERNATIONAL 
CONFERENCE ON INTELLIGENCE IN BROADBAND 
SERVICE AND NETWORKS, HERAKLION, CRETE, 
OCT. 16 - 19, 1995. PROCEEDINGS, 
no. CONF. 3, 16 October 1995, CLARKE 



1-5 



A;CAMPOLARGO M; KARATZAS N (EOS 
pages 415-429, XP000593492 



), 



see 


paragraph 


1 






see 


page 416, 


1 ine 


6 - 


line 18 


see 


page 417, 


1 Ine 


3 - 


line 13 


see 


page 419, 


1 i ne 


30 


- line 40 


see 


page 420, 


1 ine 


4 - 


1 Ine 8 . 


see 


page 421, 


1 Ine 


4 - 


line 17 


see 


page 422, 


line 


13 


- line 15 



-/- 



Further documents ere listed m the conltnuation ot box C. 



Patent family members are listed in annex. 



" Special caiegortes of cued documents : 

"A" document defining the general stale of tne ah which is not 

considered to oe of panicular relevance 
*E' earlier document but published on or atter the international 

filing dale 

"L" document which may throw doubts on priontv claim<s) or 
which is oted to esiat>lish ttie publication oate of another 
citation or other soacial reason (as specified) 

•Q' document ret ernng to an oral disclosure, use. exhibition or 
other means 

*P" document oubiished prior to the International fihng date but 
later than the pnonty date claimed 



'T' later document puolishao altar the tnterruitional filing date 
or priority date ana not \n contnct wrth tfie application but 
cited to understand the princple or trieory urxjerlying the 
tnvention 

'X" document of particular relevarKe; the claimed invention 
cannot be considered novel or cannot be considered to 
involve an inventive step when the document ts talten alone 

'Y* document ot particular relevance: the claimed invention 

cartnot be considered to involve an inventive step when Ihe 
docufneni is combined with one or more other sucn docu- 
ments. such combination being obvious to a person skilled 
in the art. 

"&* document member of the same patent family 



Date ot tne actual completion ot thernternaiionai search 



18 November 1997 



Date of matitog of the international search repon 



02/12/1997 



Name and mailing adorass of tr%e ISA 

European Patent Otfice. P.B. 5818 Patantlaan2 
NL - 2280 HV Rttawiik 
Tel. (♦31-70) 340-2040. Tx. 31 651 epo nl. 
Fax: (+31-70) 340-3016 



Authonzed officer 



Cichra. M 



Foim PCT/ISA/210 (second stmso (July 1992) 
3DOCID <WO 9809402A1 I > 



page 1 of 2 



INTERNATIONAL SEARCH REPORT 

Information on patent tamlly members 



tntet. onal Application No 

PCT/EP 97/04614 



Patent document 
cited in search report 



Publication 
date 



Patent family 
member{s) 



Pubticatjon 
aate 



us 5193152 A 



09-03-93 



NONE 



US 4385384 A ^4-Ud-oj bt 


OO/OOD 


A 
rt 


lU /o 




1 1 JiOJo 


A 

A 


1 0-1 n-Q9 


LA 


111 QQOa 

1 1 Joy 90 


A 

A 


U**"U 1 £5 J 


LA 


1 1 joyyy 


A 

A 


U*t"Ul"Oj 


LA 


1 1 'J QOQ7 


A 

A 




LA 


1 1 

1 i joyyo 


A 

A 


U** Ul Oj 


LA 


1 1 "^QAAQ 


A 
A 


1 1 _A1 _Q7 


r Li 
LH 


dA oonQ 
D4^^:Uy 


A 

A 


0 A_A0_Q>1 


CH 


d41o1Z 


A 

A 


^y-U^-{54 


CH 


641513 


A 

A 


^y-U^ OH 


CH 


642499 


A 


13-04-84 


DE 


2824578 


A 


11-01-79 


FR 


2408953 


A 


08-06-79 


GB 


1605058 


A 


16-12-81 


GB 


1605059 


A 


16-12-81 


GB 


1605057 


A 


16-12-81 


JP 


54016949 


A 


07-02-79 


JP 


1009783 


B 


20-02-89 


JP 


1603308 


C 


04-04-91 


JP 


62142434 


A 


25-06-87 


SE 


438932 


B 


13-05-85 


SE 


7806295 


A 


02-02-79 



SDOCID- <WO 



Foim PCT/iSAAlO (pawnt lanMy annvxl (July i992> 
9809A02A1 I > 



